Phishing emails have become extraordinarily convincing. Modern attacks replicate the exact branding, fonts, and tone of the companies they impersonate. A fake PayPal email now looks almost identical to a genuine one. The difference is always in the details — and this guide shows you exactly where to look.
Step-by-Step: How to Check Any Email in 60 Seconds
Step 1 — Check the actual sender address, not the display name
Every email client shows a display name — which anyone can set to anything. What matters is the email address behind it. In Gmail, click the sender's name to expand the full address. In Outlook, hover over the name. In Apple Mail, click the arrow next to the name.
A legitimate email from PayPal will come from an address ending in @paypal.com — not @paypal-security.net, not @paypal.support.com, not @gmail.com.
Scammers use legitimate-looking subdomains to fool you. "mail.amazon.com.accounts-verify.net" looks like it contains "amazon.com" — but the actual domain is "accounts-verify.net". Always read the domain part of an address or URL from right to left: find the first forward slash after "https://" (or the end of the address), and the last two labels immediately to the left of it are the domain that actually receives the click. Everything further left is a subdomain the scammer can name however they like.
Step 2 — Hover over every link before clicking
On desktop, hover your mouse over any link and the real URL will appear in the bottom-left corner of your browser. Does it match the company's actual domain? If the email says "log in to your Amazon account" but the link shows anything other than amazon.com, do not click. On mobile, press and hold the link to preview the full URL before opening it.
Step 3 — Read for artificial urgency and threats
Phishing emails almost always contain urgency: "Your account will be suspended in 24 hours." "Unusual activity detected — verify immediately." This pressure is manufactured to prevent you from thinking carefully. Legitimate companies will not threaten you with immediate consequences for not clicking an email.
Step 4 — Check the greeting
Your bank knows your name. Amazon knows your name. If an email from a company you have an account with opens with "Dear Customer," "Dear User," or "Dear Account Holder" instead of your actual name, that is a strong signal it is a mass phishing message.
Step 5 — Look at the writing quality
Professional company communications are proofread. Phishing emails — even sophisticated ones — often contain subtle grammar errors, unusual capitalisation, or inconsistent formatting. A single typo in an official-looking email is an immediate red flag.
Step 6 — Be cautious with unexpected attachments
Unless you are expecting a specific document, treat any attachment — especially .zip, .exe, .docx, or .pdf files from unknown senders — with extreme caution. Malicious attachments are one of the primary delivery methods for ransomware.
Step 7 — Verify directly through the official source
If an email claims your bank account has an issue, do not click the link. Open your browser, type your bank's URL directly, and log in. Any real problem will show there. This single habit makes you immune to the vast majority of phishing attacks.
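The checks in Steps 1 to 4 can be automated for triage. The Python script below is an added example, not part of this guide: it parses a raw message, extracts the address behind the display name, reads link hostnames right to left to find the real domain, and looks for urgency phrases and generic greetings. The brand allowlist, the phrase lists and both sample messages are constructed for illustration, and the two-label domain rule is a simplification of what a real tool would do with the Public Suffix List.

```python
"""Phishing triage helper that applies Steps 1 to 4 of the guide to a raw
email. Added example, not from the original guide; the brand allowlist, the
phrase lists and both sample messages below are constructed."""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed allowlist: brand name -> domains that legitimately send its mail.
BRAND_DOMAINS = {"paypal": {"paypal.com"}, "amazon": {"amazon.com", "amazon.co.uk"}}
URGENCY_PHRASES = ["within 24 hours", "suspended", "verify immediately",
                   "unusual activity", "act now", "account will be"]
GENERIC_GREETINGS = ["dear customer", "dear user", "dear account holder"]


def registrable_domain(host):
    """Read the hostname right to left and keep the last two labels, so
    'mail.amazon.com.accounts-verify.net' becomes 'accounts-verify.net'.
    Simplification: production code should use the Public Suffix List so that
    hosts under suffixes such as 'co.uk' are handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def sender_domain(from_header):
    """Step 1: ignore the display name and use the address behind it."""
    _display, addr = parseaddr(from_header)
    return registrable_domain(addr.rsplit("@", 1)[1]) if "@" in addr else ""


def extract_links(body):
    """Step 2: (visible text, real destination) for HTML anchors plus bare URLs."""
    links = [(re.sub(r"<[^>]+>", "", text).strip(), href)
             for href, text in re.findall(
                 r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S)]
    seen = {href for _, href in links}
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        url = url.rstrip(".,;)")
        if url not in seen:
            links.append((url, url))
    return links


def claimed_brand(text):
    """Which allowlisted brand does the display name or subject mention?"""
    low = text.lower()
    return next((b for b in BRAND_DOMAINS if b in low), "")


def analyse(raw_message):
    """Return (step number, finding) pairs; an empty list means no red flags."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part is not None else ""
    text = re.sub(r"<[^>]+>", " ", body)  # visible words only
    subject = str(msg["Subject"] or "")
    from_header = str(msg["From"] or "")
    brand = claimed_brand(parseaddr(from_header)[0] + " " + subject)
    findings = []
    # Step 1: the sender domain must belong to the brand the mail claims to be.
    dom = sender_domain(from_header)
    if brand and dom not in BRAND_DOMAINS[brand]:
        findings.append((1, f"claims to be {brand} but sender domain is {dom}"))
    # Step 2: every link's real domain must belong to that brand too.
    for label, href in extract_links(body):
        host = urlparse(href).hostname or ""
        if brand and registrable_domain(host) not in BRAND_DOMAINS[brand]:
            findings.append((2, f"link '{label}' really goes to {host}"))
    # Step 3: manufactured urgency in subject or body.
    hits = [p for p in URGENCY_PHRASES if p in (subject + " " + text).lower()]
    if hits:
        findings.append((3, "urgency language: " + ", ".join(hits)))
    # Step 4: a generic greeting in the opening words.
    opening = " ".join(text.split())[:120].lower()
    greeting = next((g for g in GENERIC_GREETINGS if g in opening), "")
    if greeting:
        findings.append((4, f"generic greeting '{greeting}'"))
    return findings


# Constructed sample messages (not real mail).
PHISHING_SAMPLE = """\
From: "PayPal Security" <alerts@paypal-security.net>
To: someone@example.com
Subject: Unusual activity detected - verify immediately
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Customer,</p>
<p>Your account will be suspended within 24 hours unless you confirm your details.</p>
<p><a href="https://www.paypal.com.accounts-verify.net/login">Log in to PayPal</a></p>
</body></html>
"""
LEGITIMATE_SAMPLE = """\
From: "PayPal" <service@paypal.com>
To: someone@example.com
Subject: Your receipt for order 1234
Content-Type: text/plain; charset="utf-8"

Hello Jane Doe,

Thanks for your purchase. View this receipt at https://www.paypal.com/activity.
"""
```

Running `analyse(PHISHING_SAMPLE)` reports one finding per step (the sender domain paypal-security.net, a link whose real host is under accounts-verify.net, five urgency phrases, and the "Dear Customer" greeting), while the legitimate receipt produces no findings. A single finding is a prompt to verify through the official site as in Step 7, not proof on its own.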
Quick phishing checklist
What to Do With a Phishing Email
- Do not click any links or download attachments.
- Do not reply — even to "unsubscribe" — as this confirms your address is active.
- Report it to the company being impersonated. Most have a dedicated address (e.g. phishing@paypal.com, stop-spoofing@amazon.com).
- Forward it to the Anti-Phishing Working Group at reportphishing@apwg.org.
- Report it to the FTC at reportfraud.ftc.gov.
- Delete it from your inbox and trash.
For further technical guidance, see CISA's phishing guidance and the Anti-Phishing Working Group.